Recommend a 4G USB modem for remote island?
-
I have 3 pfsense boxes creating hardware IPSec tunnels among our 3 sites.
I want to set up a Netgate SG-1000 running pfsense at our 4th site, which is for occasional use by only 1-2 people, and where T-Mobile cellular is the only practical connection option. But it's a pretty good option, as all our phones had reliable signal and decent speeds on our last visit.
(I will also put a dedicated WAP behind the router, so for now I'm just worried about which 3G/4G modem to stick into a USB slot on the router).
I have browsed through the list of known-working 3G/4G modems, but many of them are difficult to find at retail, and it's difficult to tell which ones work best.
My criteria are:
-
Supports T-Mobile (USA). We already have a corporate T-Mobile account, so adding one device would be the least expensive route. I also talked to other island residents, and T-Mobile seems to be the best carrier at this particular locations.
-
Reliable. I just want it to work, every time, with no fiddling. The primary users at this site will be my elderly parents, and they just want to open their laptops and get their email. Site visits for support would be prohibitively expensive after the first setup visit.
-
Minimum of configuration required. I don't want something that breaks every time pfsense gets updated.
-
External antenna jack? This is a nice-to-have, not a requirement.
-
Speed. 3 Mbps would be fine, as long as it's reliable.
-
Cost. I see some modems for $29.00 and other for $299, and I'm not sure I understand what makes one modem better than another.
Thanks!
-
-
If tethering is allowed by T-Mobile and not outrageously expensive, maybe you could try USB tethering to your phone through the OTG port on the SG-1000.
-
If I really wanted it to work I would try something like this:
https://www.sierrawireless.com/products-and-solutions/routers-gateways/gx450-gx400/
Hopefully I would find a mode that allowed me to continue to use the firewall of my choosing.
-
If tethering is allowed by T-Mobile and not outrageously expensive, maybe you could try USB tethering to your phone through the OTG port on the SG-1000.
Yes, we all have tethering on our phones, but the two primary users of this location are my bosses/parents, and they're 74 and 83, respectively. They will never, ever, understand tethering unless I'm standing next to them, pushing all the buttons. And then they still won't understand what I've done; they'll just know that it works, and Steven made it work. Call Steven. Get him on a plane to Washington. He'll make it work.
No thanks! ;D
-
If I really wanted it to work I would try something like this:
https://www.sierrawireless.com/products-and-solutions/routers-gateways/gx450-gx400/
Hopefully I would find a mode that allowed me to continue to use the firewall of my choosing.
Ah, way out of my budget. It would also introduce several new potential points of failure, since now I have two boxes to manage, instead of one, plus a potentially unsupported interface between the pfsense box and the cellular modem box.
If I can find a USB modem that presents itself as a standard NDIS device, then pfsense should just work, correct?
-
T-Mobile cellular is the only practical connection option
Seriously? Im not aware of anywhere near me in WA state where T-mobile has anything above any of the other carriers.. If its about price then that's different.
https://cradlepoint.com/
Id be curious if you could find something from these guys that did the whole job for you. We are beginning to implement them in our vehicles and those of our customers in some cases. There are a few other manufactures out there with similar boxes that will easily do what you are looking for. As we are going the VPN route all it is to us is a connection.
Ill post them here later if I come across them.
-
T-Mobile cellular is the only practical connection option
Seriously? Im not aware of anywhere near me in WA state where T-mobile has anything above any of the other carriers.. If its about price then that's different.
Orcas Island. I'm not claiming that T-Mobile is best across the whole island, but in this particular location, we got plenty of coverage at reasonable speeds (YouTube was good), and our house visitors with Sprint or AT&T had none. We didn't have any Verizon visitors.
-
If I really wanted it to work I would try something like this:
https://www.sierrawireless.com/products-and-solutions/routers-gateways/gx450-gx400/
Hopefully I would find a mode that allowed me to continue to use the firewall of my choosing.
Ah, way out of my budget. It would also introduce several new potential points of failure, since now I have two boxes to manage, instead of one, plus a potentially unsupported interface between the pfsense box and the cellular modem box.
If I can find a USB modem that presents itself as a standard NDIS device, then pfsense should just work, correct?
It's not that simple unfortunately. NDIS is an MS Windows thingy and support for it in FreeBSD is trough the NDISWrapper tool suite that has lots of problems and hasn't been developed actively as of late. You would have much better luck tethering your android or apple smartphone because the native drivers for the tethering are available for FreeBSD although not directly included in pfSense.
Btw that device linked by Derelict has a standard ethernet port so nothing unsupported there.
-
Ah, I didn't realize NDIS on pfsense was not mature. But that Sierra Wireless device is way out of budget, and tethering to phones isn't an option for the reasons listed above.
So is there no USB modem that works well and is available at retail?
-
Quite a few of them actually work because they are at heart just USB serial ports with modems attached but finding one that works out of the box may be difficult because FreeBSD (what pfSense is based on) doesn't support any particular brand of devices. It supports low level chipsets and particular chipset models because the hardware manufacturers are not interested in supporting FreeBSD directly which means the device drivers for just about any device like a WLAN card or a 3G/4G modem are reverse engineered community contributed ones and often require manual tinkering to get working.
-
Do you have any model numbers that work reasonably well and that are still available at retail?
Thanks!
-
If its about price then that's different.
https://cradlepoint.com/
I'd be curious if you could find something from these guys that did the whole job for you.
Here's an update on this. I was able to find myself a used Cradlepoint MBR1200B for $70, shipped (!!!), so I bought it. And then I bought a ZTE MF683 for $64 and activated it with T-Mobile.
The basic connectivity part of it works. If I plug the modem into the CP unit, I can connect my laptop to it the CP over WiFi or Ethernet, and I have intarwebs!
But I can't get IPSec from the CP to my pfsense box to work. I've tried a zillion different things, and I'm having zero luck. It may have something to do with the Cradlepoint box, or it might be T-Mobile.
So I thought I'd try plugging the ZTE MF683 into my pfsense box to see if that works. Is there any sort of step-by-step guide to setting up a USB cellular modem on pfsense? The documentation page doesn't have anything regarding "cellular", "4G", "LTE", or even "modem" (except for the first link about cable modems).
I followed these instructions as far as I could, but I don't know how to populate the PPP Configuration:
I obviously know that I'm U.S. and T-Mobile, and when the ZTE MF683 was plugged into my CradlePoint box it showed epc.tmobile.com in the status, so I used that. I don't have a username or password, AFAIK, and the CradlePoint doesn't ask for one when I plug the modem into it; it just connects after ~30-45 seconds.
I have tried setting the Modem Port to both /dev/cuau0 and to /dev/cuau1, and the interface never comes up, either way. When I set it to cuau0 the pfsense System Log reports "MODEM: Fail to open serial port /dev/cuau0 on speed 115200". If I set it to cuau1 I get "CHAT: The modem is not responding to "AT" at ModemCmd: label." which sounds more promising, but it still doesn't connect.
Also, even though I click Apply Changes after setting the Country, Provider and Plan, they always come back up as unpopulated when I reload that screen.
Help!
-
Is there any sort of step-by-step guide to setting up a USB cellular modem on pfsense?
Something like a guide, but for good modems, not ZTE, sorry ;)
Please check here.
